create-github-action
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill performs legitimate scaffolding operations using local Python scripts.
- [EXTERNAL_DOWNLOADS]: The generated workflows reference official and well-known GitHub Actions (e.g., actions/checkout, actions/setup-python, github/codeql-action). These are from trusted GitHub organizations and well-known services.
- [COMMAND_EXECUTION]: The skill executes local Python scripts (such as scaffold_github_action.py) to generate workflow files. This is the intended behavior for a scaffolding tool and does not involve unauthorized command execution.
- [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The skill follows security best practices by using secret placeholders (e.g., ${{ secrets.PYPI_TOKEN }}) in its generated templates instead of hardcoding credentials.
Audit Metadata